coop-cloud/penpot
coop-cloud/penpot
0
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

Compare commits

base: coop-cloud:1.8.2-alpha+1.8.2-alpha
Branches Tags
coop-cloud:main
coop-cloud:2.0.1+1.19.3
coop-cloud:2.0.0+1.19.1
coop-cloud:1.8.2-alpha+1.8.2-alpha
coop-cloud:1.7.1-alpha+1.7.1-alpha
coop-cloud:1.4.0-alpha
...
compare: coop-cloud:main
Branches Tags
coop-cloud:main
coop-cloud:2.0.1+1.19.3
coop-cloud:2.0.0+1.19.1
coop-cloud:1.8.2-alpha+1.8.2-alpha
coop-cloud:1.7.1-alpha+1.7.1-alpha
coop-cloud:1.4.0-alpha

9 Commits
1.8.2-alph ... main

Author SHA1 Message Date
kawaiipunk
8fbe402386
Attempt to fix CI secret generation
Some checks failed
continuous-integration/drone/push Build is failing
Details
2024-03-28 15:08:18 +00:00
kawaiipunk
00c72d17ed
Added catalouge build to .drone
Some checks failed
continuous-integration/drone/push Build is failing
Details
2024-03-28 15:01:43 +00:00
kawaiipunk
28cbee691e chore: publish 2.0.1+1.19.3 release
Some checks failed
continuous-integration/drone/push Build is failing
Details
2024-03-28 14:04:31 +00:00
knoflook
e52ae0ad24 chore: publish 2.0.0+1.19.1 release
Some checks failed
continuous-integration/drone/push Build is failing
Details
2023-09-08 22:19:18 +02:00
3wc
5a43aaabca Switch to self-hosted stack-ssh-deploy image [mass update]
Some checks failed
continuous-integration/drone/push Build is failing
Details
2023-01-21 11:49:56 -08:00
3wc
4827656be4 Add secrets for Drone
Some checks failed
continuous-integration/drone/push Build is failing
Details
2023-01-20 18:57:20 -08:00
3wc
72900a247b Fix CI by adding networks: [mass update]
Some checks failed
continuous-integration/drone/push Build is failing
Details
2023-01-20 11:58:41 -08:00
3wc
169a12008b Update abra syntax in examples (finally) [mass update]
Some checks failed
continuous-integration/drone/push Build is failing
Details
2023-01-19 16:02:28 -08:00
3wc
2fbb41adff Goodbye, emojis! 😢 
[ci skip]
 2021-11-23 12:19:05 +02:00
5 changed files with 108 additions and 92 deletions
Show Stats Expand all files Collapse all files

30
.drone.yml
View File

@ -3,17 +3,39 @@ kind: pipeline
name: deploy to swarm-test.autonomic.zone name: deploy to swarm-test.autonomic.zone
steps: steps:
- name: deployment - name: deployment
image: decentral1se/stack-ssh-deploy:latest image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
settings: settings:
host: swarm-test.autonomic.zone host: swarm-test.autonomic.zone
stack: ${REPO_NAME_SNAKE} stack: penpot
networks:
- proxy
purge: true purge: true
deploy_key: deploy_key:
from_secret: drone_ssh_swarm_test from_secret: drone_ssh_swarm_test
environment: environment:
DOMAIN: ${REPO_NAME_KEBAB}.swarm-test.autonomic.zone DOMAIN: penpot.swarm-test.autonomic.zone
STACK_NAME: ${REPO_NAME_SNAKE} STACK_NAME: penpot
LETS_ENCRYPT_ENV: production LETS_ENCRYPT_ENV: production
APP_ENTRYPOINT_CONF_VERSION: v1
BACKEND_ENTRYPOINT_CONF_VERSION: v1
SECRET_PENPOT_DB_PASSWORD_VERSION: v1
SECRET_SMTP_PASSWORD_VERSION: v1
trigger: trigger:
branch: branch:
- main - main
---
kind: pipeline
name: generate recipe catalogue
steps:
- name: release a new version
image: plugins/downstream
settings:
server: https://build.coopcloud.tech
token:
from_secret: drone_abra-bot_token
fork: true
repositories:
- coop-cloud/auto-recipes-catalogue-json
trigger:
event: tag

45
.env.sample
View File

@ -5,28 +5,21 @@ DOMAIN=penpot.example.com
#EXTRA_DOMAINS=', `www.${REPO_NAME_KEBAB}.example.com`' #EXTRA_DOMAINS=', `www.${REPO_NAME_KEBAB}.example.com`'
LETS_ENCRYPT_ENV=production LETS_ENCRYPT_ENV=production
# By default files upload by user are stored in local # Generate the secret key manually and insert it e.g.
# filesystem. But it can be configured to store in AWS S3 or # dd if=/dev/urandom bs=1 count=64 | base64 -
# completelly in de the database. Storing in the database makes SECRET_SECRET_KEY_VERSION=v1
# the backups more easy but will make access to media less SECRET_DB_PASSWORD_VERSION=v1
# performant.
PENPOT_STORAGE_BACKEND=fs
# Telemetry. When enabled, a periodical process will send ## All flags take the format of enable-flag-name or disable-flag-name
# annonymous data about this instance. Telemetry data will # List of flags:
# enable us to learn on how the application is used based on # demo-users email-verification log-emails log-invitation-tokens login-with-github login-with-gitlab login-with-google login-with-ldap login-with-oidc login-with-password registration secure-session-cookies smtp smtp-debug telemetry webhooks prepl-server
# real scenarios. If you want to help us, please leave it PENPOT_FLAGS="enable-registration enable-login-with-password disable-email-verification enable-prepl-server disable-telemetry"
# enabled. In any case you can see the source code of both
# client and server in the penpot repository.
PENPOT_TELEMETRY_ENABLED=false
# Email sending configuration. By default emails are printed in ## If not set, mails will be printed to logs
# console, but for production usage is recommeded to setup a #PENPOT_FLAGS="$PENPOT_FLAGS enable-smtp"
# real SMTP provider. Emails are used for confirm user #SECRET_SMTP_PASSWORD_VERSION=v1
# registration. #PENPOT_SMTP_DEFAULT_FROM=penpot@example.com
PENPOT_SMTP_ENABLED=false #PENPOT_SMTP_DEFAULT_REPLY_TO=penpot@example.com
PENPOT_SMTP_DEFAULT_FROM=penpot@example.com
PENPOT_SMTP_DEFAULT_REPLY_TO=penpot@example.com
#PENPOT_SMTP_HOST=smtp.example.com #PENPOT_SMTP_HOST=smtp.example.com
#PENPOT_SMTP_PORT=25 #PENPOT_SMTP_PORT=25
#PENPOT_SMTP_USERNAME=username #PENPOT_SMTP_USERNAME=username
@ -34,10 +27,18 @@ PENPOT_SMTP_DEFAULT_REPLY_TO=penpot@example.com
#PENPOT_SMTP_TLS=true #PENPOT_SMTP_TLS=true
#PENPOT_SMTP_SSL=false #PENPOT_SMTP_SSL=false
SECRET_DB_PASSWORD_VERSION=v1 ## Store assets in the filesystem
SECRET_SMTP_PASSWORD_VERSION=v1 PENPOT_ASSETS_STORAGE_BACKEND=assets-fs
PENPOT_ASSETS_FS_DIRECTORY=/opt/data/assets
## Or store them in an S3 bucket
#- PENPOT_ASSETS_STORAGE_BACKEND=assets-s3
#- PENPOT_STORAGE_ASSETS_S3_ENDPOINT=http://penpot-minio:9000
#- PENPOT_STORAGE_ASSETS_S3_BUCKET=<BUKET_NAME>
#- AWS_ACCESS_KEY_ID=<KEY_ID>
#- AWS_SECRET_ACCESS_KEY=<ACCESS_KEY>
# e.g. for Keycloak https://id.example.com/auth/realms/example/ # e.g. for Keycloak https://id.example.com/auth/realms/example/
#PENPOT_FLAGS_FRONTEND="$PENPOT_FLAGS_FRONTEND enable-login-with-oidc"
#PENPOT_OIDC_BASE_URI= #PENPOT_OIDC_BASE_URI=
#PENPOT_OIDC_CLIENT_ID= #PENPOT_OIDC_CLIENT_ID=
#PENPOT_OIDC_CLIENT_SECRET= #PENPOT_OIDC_CLIENT_SECRET=

8
README.md
View File

@ -2,13 +2,13 @@
<!-- metadata --> <!-- metadata -->
* **Category**: Apps * **Category**: Apps
* **Status**: ❹💣 * **Status**: 0, work-in-progress
* **Image**: [`penpotapp/*`](https://hub.docker.com/r/penpotapp) * **Image**: [`penpotapp/*`](https://hub.docker.com/r/penpotapp)
* **Healthcheck**: * **Healthcheck**:
* **Backups**: * **Backups**:
* **Email**: * **Email**:
* **Tests**: * **Tests**:
* **SSO**: ❶💚 (OAuth) * **SSO**: 3 (OAuth)
<!-- endmetadata --> <!-- endmetadata -->
## Basic usage ## Basic usage
@ -17,9 +17,9 @@
2. Deploy [`coop-cloud/traefik`] 2. Deploy [`coop-cloud/traefik`]
3. `abra app new penpot --secrets` (optionally with `--pass` if you'd like 3. `abra app new penpot --secrets` (optionally with `--pass` if you'd like
to save secrets in `pass`) to save secrets in `pass`)
4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to 4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
your Docker swarm box your Docker swarm box
5. `abra app YOURAPPDOMAIN deploy` 5. `abra app deploy YOURAPPDOMAIN`
6. Open the configured domain in your browser to finish set-up 6. Open the configured domain in your browser to finish set-up
[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra [`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra

116
compose.yml
View File

@ -1,92 +1,86 @@
version: "3.8" version: "3.8"
x-environment:
&default-env
- PENPOT_PUBLIC_URI=https://{domain}
- PENPOT_DATABASE_URI=postgresql://postgres/penpot
- PENPOT_DATABASE_USERNAME=penpot
- PENPOT_DATABASE_PASSWORD_FILE=/run/secrets/db_password
- PENPOT_REDIS_URI=redis://redis/0
- PENPOT_STORAGE_BACKEND
- PENPOT_STORAGE_FS_DIRECTORY=/opt/data/assets
- PENPOT_TELEMETRY_ENABLED
- PENPOT_SMTP_ENABLED
- PENPOT_SMTP_DEFAULT_FROM
- PENPOT_SMTP_DEFAULT_REPLY_TO
- PENPOT_SMTP_HOST
- PENPOT_SMTP_PORT
- PENPOT_SMTP_USERNAME
- PENPOT_SMTP_TLS
- PENPOT_SMTP_SSL
services: services:
app: app:
image: "penpotapp/frontend:1.8.2-alpha" image: "penpotapp/frontend:1.19.3"
networks: networks:
- proxy - proxy
- backend - internal
volumes: volumes:
- penpot_assets:/opt/data - penpot_assets:/opt/data
depends_on: depends_on:
- penpot-backend - penpot-backend
- penpot-exporter - penpot-exporter
environment: *default-env environment:
entrypoint: /entrypoint.override.sh - PENPOT_FLAGS
secrets: secrets:
- db_password - db_password
configs:
- source: app_entrypoint
target: /entrypoint.override.sh
mode: 0555
deploy: deploy:
restart_policy: restart_policy:
condition: on-failure condition: on-failure
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.docker.network=proxy"
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
# Redirect from EXTRA_DOMAINS to DOMAIN
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
- coop-cloud.${STACK_NAME}.version=0.2.0+1.8.2-alpha - "coop-cloud.${STACK_NAME}.version=2.0.1+1.19.3"
penpot-backend: penpot-backend:
image: "penpotapp/backend:1.8.2-alpha" image: "penpotapp/backend:1.19.3"
volumes: volumes:
- penpot_assets:/opt/data - penpot_assets:/opt/data
depends_on: depends_on:
- postgres - penpot-postgres
- redis - penpot-redis
environment: *default-env environment:
- PENPOT_FLAGS
- PENPOT_PREPL_HOST=0.0.0.0 # I don't really understand what that is for
- PENPOT_PUBLIC_URI=${DOMAIN}
- PENPOT_SECRET_KEY_FILE=/run/secrets/secret_key
- PENPOT_DATABASE_PASSWORD_FILE=/run/secrets/db_password
- PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot
- PENPOT_DATABASE_USERNAME=penpot
- PENPOT_REDIS_URI=redis://penpot-redis/0
- PENPOT_SMTP_DEFAULT_FROM
- PENPOT_SMTP_DEFAULT_REPLY_TO
- PENPOT_SMTP_HOST
- PENPOT_SMTP_PORT
- PENPOT_SMTP_USERNAME
- PENPOT_SMTP_PASSWORD
- PENPOT_SMTP_TLS
- PENPOT_SMTP_SSL
- PENPOT_ASSETS_STORAGE_BACKEND
- PENPOT_ASSETS_FS_DIRECTORY
- PENPOT_STORAGE_ASSETS_S3_ENDPOINT
- PENPOT_STORAGE_ASSETS_S3_BUCKET
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
secrets: secrets:
- db_password - db_password
- secret_key
configs: configs:
- source: backend_entrypoint - source: backend_entrypoint
target: /docker-entrypoint.sh target: /docker-entrypoint.sh
mode: 0555 mode: 0555
entrypoint: /docker-entrypoint.sh entrypoint: /docker-entrypoint.sh
networks: networks:
- backend - internal
# FIXME 3wc: this is only required for email
- proxy
deploy:
labels:
- coop-cloud.${STACK_NAME}.penpot-backend.version=1.4.0-alpha-
penpot-exporter: penpot-exporter:
image: "penpotapp/exporter:1.8.2-alpha" image: "penpotapp/exporter:1.19.3"
environment: environment:
# Don't touch it; this uses internal docker network to
# communicate with the frontend.
- PENPOT_PUBLIC_URI=http://app - PENPOT_PUBLIC_URI=http://app
- PENPOT_REDIS_URI=redis://penpot-redis/0
networks: networks:
- backend - internal
deploy:
labels: penpot-postgres:
- coop-cloud.${STACK_NAME}.penpot-exporter.version=1.4.0-alpha-617c54da image: "postgres:16.2"
postgres:
image: "postgres:14"
stop_signal: SIGINT stop_signal: SIGINT
secrets: secrets:
- db_password - db_password
@ -98,31 +92,23 @@ services:
volumes: volumes:
- postgres:/var/lib/postgresql/data - postgres:/var/lib/postgresql/data
networks: networks:
- backend - internal
deploy:
labels: penpot-redis:
- coop-cloud.${STACK_NAME}.postgres.version=13-61d5d8ef image: redis:7.2.4
redis:
image: redis:6
networks: networks:
- backend - internal
deploy:
labels:
- coop-cloud.${STACK_NAME}.redis.version=6-e10f55f9
networks: networks:
internal:
proxy: proxy:
external: true external: true
backend:
volumes: volumes:
postgres: postgres:
penpot_assets: penpot_assets:
configs: configs:
app_entrypoint:
name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_CONF_VERSION}
file: entrypoint-app.sh
backend_entrypoint: backend_entrypoint:
name: ${STACK_NAME}_backend_entrypoint_${BACKEND_ENTRYPOINT_CONF_VERSION} name: ${STACK_NAME}_backend_entrypoint_${BACKEND_ENTRYPOINT_CONF_VERSION}
file: entrypoint-backend.sh file: entrypoint-backend.sh
@ -131,3 +117,9 @@ secrets:
db_password: db_password:
external: true external: true
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION} name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
secret_key:
external: true
name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
smtp_password:
external: true
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}

1
entrypoint-backend.sh
View File

@ -23,6 +23,7 @@ file_env() {
load_vars() { load_vars() {
file_env "PENPOT_DATABASE_PASSWORD" file_env "PENPOT_DATABASE_PASSWORD"
file_env "PENPOT_SECRET_KEY"
file_env "PENPOT_SMTP_PASSWORD" file_env "PENPOT_SMTP_PASSWORD"
file_env "PENPOT_LDAP_BIND_PASSWORD" file_env "PENPOT_LDAP_BIND_PASSWORD"
file_env "PENPOT_GOOGLE_CLIENT_SECRET" file_env "PENPOT_GOOGLE_CLIENT_SECRET"